class Alon : public CPP, public Architecture

October 14, 2014

As you probably know, you can download and play with the first bits of Windows 10. While there are many things to discover in the user interface of the Windows Shell and WinRT applications, I like to dig and find kernel changes. To do that I use several tools from Sysinternals and Debugging Tools for Windows (which are now part of the Windows SDK).

I installed Windows 10 x64 on Hyper-V:

I have also created a Windows Azure Windows 10 Server Machine:

Using Sysinternals WinObj, I found that there are two new kernel object types:

After installing Visual Studio and the Windows 10 symbols, I could disassemble the kernel:

I also installed Debugging Tools for Windows and used LiveKD -w, so I could use WinDbg with the x command to easily find symbols. The uf WinDbg command shows me the assembly of the specific function that I wanted to investigate.